INTERNAL CONTROL REFERENCE GUIDE
INTERNAL CONTROLS
for
GENERAL BUSINESS OPERATIONS
Updated by
Ohio University Internal Audit Office
January 2004
***This document was retrieved from the Central Michigan University Internal Audit Department and altered by the Ohio
University Internal Audit Department.
CONTENTS
Back Up Critical Information .................................................................................... 2
Check, Cash and Credit Card Handling ...................................................................... 2
Computer Security .................................................................................................. 3
Computer Virus Protection Software ......................................................................... 4
Contracting Authority .............................................................................................. 4
Employee Separation Checklist................................................................................. 4
Equipment .............................................................................................................. 5
Expenditures ........................................................................................... 5
Fees and Other Revenue ........................................................................................ 5
Gifts ....................................................................................................................... 7
Independent Contractors ......................................................................................... 7
Petty Cash and Change Funds.................................................................................. 7
Purchasing Card ...................................................................................................... 8
Reconciling the Department’s Accounts .................................................................... 8
Review Mailroom, Phone, Fax, and Copier Usage ...................................................... 8
Security Systems....................................................................................................... 9
Segregation of Duties .............................................................................................. 9
Revenue Processing
Payroll Processing
Expenditure Processing
Credit Card Processing
Software Licenses ................................................................................................... 9
Taxes ................................................................................................... 10
Travel ................................................................................................................... 11
Vendor Relations .................................................................................................... 11
Written Procedures ................................................................................................ 12
Included in this quick reference guide are procedures that Internal Audit believes will
help you create good internal controls over most basic business operations in your
planning unit. It is not intended to be an all-inclusive list, and you may find that some
procedures do not adequately address your particular needs. In such cases, feel free to
contact Internal Audit at 593-1865 or chamberk@ohio.edu. We will be happy to further
assist you in developing effective and efficient controls that work for you.
Back Up Critical Information
One of the most vital internal controls is ensuring important information is
accessible and available when you need it. To safeguard critical information, back
up your computer files (data and/or applications) on a regular, periodic basis,
store the disks or tapes off-site, and periodically test that the files can actually be
restored from those backups; a backup that has never been restored is an unverified
assumption.
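The following Python script is an added example and is not part of the original guide: it shows what "back up regularly and check that it restores" looks like in practice. It archives a directory, records a SHA-256 manifest of every file, restores the archive into a scratch directory and compares the restored files against the manifest. Before extracting it also refuses any archive entry whose path would land outside the restore directory (a tar entry named with ".." would otherwise be written elsewhere on the machine). The directory layout, file names and contents are constructed for the demonstration.

```python
"""Backup with an integrity manifest and a restore test (added example)."""
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map every regular file under root (path relative to root) to its digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def create_backup(src: Path, archive: Path) -> Dict[str, str]:
    """Write a gzipped tar of src plus a JSON manifest beside it; return the manifest."""
    manifest = build_manifest(src)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    manifest_path = archive.with_name(archive.name + ".manifest.json")
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def safe_extract(tar: tarfile.TarFile, dest: Path) -> None:
    """Extract only entries that stay inside dest: no '..' escapes, no links."""
    dest = dest.resolve()
    for member in tar.getmembers():
        target = (dest / member.name).resolve()
        if target != dest and dest not in target.parents:
            raise ValueError(f"archive entry escapes destination: {member.name}")
        if member.issym() or member.islnk():
            raise ValueError(f"link entry refused: {member.name}")
    try:
        tar.extractall(dest, filter="data")  # newer Pythons add their own checks
    except TypeError:  # Python releases before the filter argument existed
        tar.extractall(dest)


def verify_backup(archive: Path, manifest: Dict[str, str]) -> List[str]:
    """Restore into a scratch directory and compare with the manifest."""
    problems: List[str] = []
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            safe_extract(tar, Path(scratch))
        restored = build_manifest(Path(scratch))
    for rel, digest in sorted(manifest.items()):
        if rel not in restored:
            problems.append(f"missing after restore: {rel}")
        elif restored[rel] != digest:
            problems.append(f"content differs after restore: {rel}")
    for rel in sorted(restored):
        if rel not in manifest:
            problems.append(f"not in manifest: {rel}")
    return problems


def demo() -> Dict[str, object]:
    """Constructed sample: back up a small directory, verify it, then show a mismatch."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "department_files"
        (src / "spreadsheets").mkdir(parents=True)
        (src / "deposits.csv").write_text("date,amount\n2004-01-05,125.00\n")
        (src / "spreadsheets" / "budget.txt").write_text("reconciled to ORACLE report\n")
        archive = Path(tmp) / "backup.tar.gz"
        manifest = create_backup(src, archive)
        clean = verify_backup(archive, manifest)
        tampered = dict(manifest)
        tampered["deposits.csv"] = "0" * 64  # stale or altered manifest entry
        flagged = verify_backup(archive, tampered)
    return {"files": sorted(manifest), "clean": clean, "flagged": flagged}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Store the manifest with the off-site copy and run the verification from a machine other than the one that produced the backup; a digest mismatch or a missing file on the restore side is the signal to act on before the day you need the data.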
Check, Cash and Credit Card Handling
Ideally, revenue and other receipts should be processed through Accounts
Receivable. But many operating departments receive cash, checks and credit card
remittances. At a minimum, good internal controls require:
1. Pre-numbered receipts be provided to all remitters of cash;
2. Checks be restrictively endorsed immediately upon receipt (eg “Ohio University
for deposit only”) by a person with no other receipt processing duties;
3. Receipts be deposited daily (it’s a state law in Ohio) by a person with no other
receipt processing duties, and in such a way as to ensure the safety of
employees who deliver deposits to the bank or cashier;
4. Money be kept in a secure location in the department, such as a locked filing
cabinet, locked box, or safe until it’s deposited. Keys or combinations should
only be given to those employees who really need them to perform their job
duties and access should be limited to just two people (one serving as a backup).
Keys should be collected and combinations changed when an employee with
access leaves the employ of the department.
5. Deposits be reconciled to cashier-validated slips and monthly ORACLE reports;
6. Supervisors monitor department employees who handle cash;
7. Cash registers and credit card machines be balanced daily (or at the close of
each shift) and over/short amounts and trends be monitored;
8. Persons preparing billing and accounts receivable records should not perform any
receipt collection duties; and
9. Taxes collected from the sale of taxable items be calculated and deposited into a
separate Sales Tax account.
Computer Security
A significant amount of money is spent each year on computer equipment.
Departments rely heavily on information created, processed and stored on
computers. Decisions made about the level of security should consider the value of
the data being processed, the expense related to securing it, and the potential loss
(both effort and dollars) if a security measure is not implemented. Here are some
good computer and password security controls to consider:
1. Limit physical access to computers and media to protect against damage and
theft.
2. Limit logical access to only those users who need it to perform their job
responsibilities.
3. Use passwords to restrict access.
Passwords should:
- be easy to remember but difficult to guess
- not be of a fixed length, but at least six (6) characters long
- not be displayed when typed in
- be changed periodically by the user, and be forced to change by the system administrator
- not be dictionary words, either forwards or backwards
- be made up of letters, numbers, and special characters
- not be shared with anyone (supervisor or other staff)
- not be used as a "generic" password for a group of users
- not be posted or written down in an unsecured location (e.g., desk drawers)
- be changed immediately if you suspect they have been compromised
- be changed when a user leaves the department or changes job duties
- be complex in proportion to the sensitivity of the data they protect
- not be the same as your user ID
- not be names of your pets or children, phone numbers, or street addresses
Note that the six-character minimum and scheduled password changes reflect practice at the
time this guide was written; current guidance (NIST SP 800-63B) favors longer passphrases,
screening new passwords against lists of known-compromised passwords, and changing a
password when compromise is suspected rather than on a fixed schedule.
4. Log off, or lock the screen of, computers that are unattended.
5. Maintain and update comprehensive inventory records of computer equipment,
including purchase data, serial numbers, and warranty details.
6. Require departmental employees to sign-out laptop computers for overnight or
travel use. Obtain a signed acknowledgement from all employees for whom
computers are purchased for home use.
7. Maintain and update written documentation of logic and design for databases
and spreadsheets used in critical functions.
8. Prohibit downloading of software from the internet and prohibit the use of disks,
tapes, and CDs from unknown or unreliable sources.
9. Identify a system administrator to coordinate security considerations and physical
inventory duties.
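The password rules listed above can be enforced rather than merely published. The following Python function is an added example, not part of the original guide or of any University system: it checks a candidate password against the guide's rules (minimum length, no dictionary words forwards or backwards, a mix of letters, numbers and special characters, not the user ID, no pet or family names, no phone numbers) and returns every rule it breaks. The word list is a constructed stand-in; a real deployment would load a full dictionary and a list of known-compromised passwords in its place. User IDs and sample passwords are invented.

```python
"""Password rule checker (added example)."""
import re
from typing import Iterable, List

# Constructed stand-in for a real word list; in practice load a dictionary and a
# breached-password list here.
DICTIONARY = {"password", "welcome", "university", "bobcats", "athens", "secret", "summer"}


def check_password(password: str, user_id: str, personal_terms: Iterable[str] = ()) -> List[str]:
    """Return the rules the candidate password violates; an empty list means it passes."""
    problems: List[str] = []
    lower = password.lower()
    letters_only = re.sub(r"[^a-z]", "", lower)

    if len(password) < 6:
        problems.append("shorter than 6 characters")
    # Dictionary words are rejected forwards and backwards, with or without
    # digits/symbols wrapped around them.
    if {lower, lower[::-1], letters_only, letters_only[::-1]} & DICTIONARY:
        problems.append("dictionary word, forwards or backwards")
    has_letter = re.search(r"[A-Za-z]", password) is not None
    has_digit = re.search(r"[0-9]", password) is not None
    has_special = re.search(r"[^A-Za-z0-9]", password) is not None
    if not (has_letter and has_digit and has_special):
        problems.append("must mix letters, numbers and special characters")
    if lower == user_id.lower():
        problems.append("same as user ID")
    # Names of pets, children, etc. supplied by the caller (e.g. from an HR record).
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lower:
            problems.append(f"contains personal information: {term}")
    # A run of seven or more digits, ignoring separators, looks like a phone number
    # or street address.
    if re.search(r"\d{7,}", re.sub(r"[\s().-]", "", password)):
        problems.append("looks like a phone number")
    return problems


if __name__ == "__main__":
    for candidate in ("Tr0ub4dor&3", "terces1!", "abc", "jsmith", "x(555)123-4567!"):
        print(f"{candidate!r}: {check_password(candidate, 'jsmith') or 'ok'}")
```

The checker reports every failed rule rather than stopping at the first one, so a user sees the whole list at once; the reversed-word check strips digits and symbols before comparing, which is what catches "terces1!" as "secret" spelled backwards.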
Computer Virus Protection Software
According to some estimates, new computer viruses are created at a rate of over
200 per month. Consequently, you should obtain and install virus protection
software on every machine, set it to run continuously, and have it update/upgrade
itself automatically. As stated above, you should also prohibit the downloading of
software from the internet and prohibit the use of disks, tapes, and CDs from
unknown or unreliable sources. See the CNS website for additional information at
http://www.cns.ohiou.edu/.
Contracting Authority
Anyone signing contracts must have the proper authority to do so. The Legal Affairs
office maintains a list of all individuals who have been delegated the authority to
sign contracts on behalf of the university. For more information, contact Legal
Affairs at 593-2626.
Employee Separation Checklist
UHR (University Human Resources) created an Employee Separation Checklist which
can be found at
http://www.uhr.ohiou.edu/UHR_Svc_Dir/Forms/form_files/empsepck.pdf. The form
is to be completed by the supervisor and signed by the departing employee. Modify
the form to include specifics for your department (e.g., keys, access codes, computer
accounts and passwords, PCards) and use it to ensure you have collected all
University assets and completed all required actions related to the separation.
Equipment
1. Capitalized equipment (ie, valued at $2,500 or more and with a useful life of at
least 5 years – as required by the University policy) must be tagged by
Equipment Inventory and physically verified at least annually against their
records. See Equipment Inventory’s website at
http://www.finance.ohiou.edu/equipment.html for additional information.
2. Departments should maintain their own inventory listings of the type of
expendable equipment (non capital) that could be easily misappropriated (eg,
computers, videos, cameras). Such records should also be physically verified at
least annually.
3. Employees removing equipment (capitalized or expendable) from campus should
complete a sign-out form acknowledging receipt and responsibility for its return.
4. Every department must identify a person to determine whether unneeded or
unwanted equipment can be considered surplus or obsolete. Such equipment
must be disposed of according to policy. Additional information can be found at
http://www.facilities.ohiou.edu/campusrv/moving_surplus/surplus.htm.
5. Leased equipment may be considered capital or operating (expensed). Contact
Purchasing for assistance in reviewing lease documents before signing them.
Additional information can be found at
http://www.finance.ohiou.edu/purch/index.html.
Expenditures
1. Establish approval policies for each type of expenditure (purchase requisitions,
payment requisitions, Purchasing Card (PCard) transactions, travel and expense
reports) and communicate those policies to all departmental employees.
2. Ensure that the person(s) approving expenditures have the authority to do so
and the necessary knowledge to make informed decisions.
3. Maintain detailed supporting documentation for all expenditures and reconcile
them to the department’s financial accounts on a timely basis.
4. Segregate authorization and reconciliation duties and/or ensure the person
responsible for the account reviews the reconciliation against supporting
expenditure documentation.
5. Ensure all timesheets are signed by employees, and approved and signed by the
employees’ immediate supervisor.
6. Ensure someone administratively senior to the traveler approves travel expense
reports.
7. Obtain itemized receipts for all PCard purchases, and reconcile them to monthly
PCard statements.
8. Remember to notify vendors that the University is exempt from Ohio Sales Tax,
and request refunds or take credits for Sales Tax improperly charged.
9. Ensure purchase invoices agree with contractual and order terms.
Fees and Other Revenue
The Fee Committee must authorize each fee imposed by any University unit. See
the Accounting Manual at http://www.finance.ohiou.edu/accounting/index.htm for
additional information on establishing or changing fees.
To the extent possible, use Accounts Receivable to prepare revenue billings and
perform collection procedures. Revenue should be accounted for in a revenue
source code (as opposed to an expense reduction code). If your department
maintains accounts receivable, follow these internal control guidelines:
1. Maintain a subsidiary listing of all customer accounts, and record invoices issued
and payments received by customer.
2. Reconcile invoices issued with revenue recorded in the financial accounts.
3. Summarize and age uncollected revenue monthly and reconcile with accounts
receivable balance in the financial accounts.
4. Use prenumbered sales invoices and account for all sales forms issued.
5. Ensure the person(s) responsible for recording sales does not also collect
receipts.
6. Refer to cash handling guidelines for collection controls.
Gifts
Contact the Foundation Office at 593-1882 or visit their website at
http://www.finance.ohiou.edu/foundation/foundfaqs.htm to learn how to handle gifts
and donations to the University.
Recent policy changes allow more opportunities to purchase gifts (employee
recognition, retirement, business partners) with University and Foundation funds. Strict
rules as well as grant and income tax implications require precise account coding, so be
sure to review the new policies before making any gift purchase at
http://www.ohiou.edu/policy/index.html.
Independent Contractors
The IRS follows specific rules for determining whether an individual is considered to
be an employee or an independent contractor. The former is paid wages, through
Payroll, and all normal employment processes and forms must be followed and
prepared. The latter is paid fees, through Accounts Payable, and a University
employee with contract authority must make agreements for services purchased.
Some individuals operate under a business name, so be sure to ask whether the
business is a corporation, partnership, sole proprietorship, etc… If this cannot be
determined, contact the Controller for assistance in determining the proper status
before hiring the services of that individual. See Finance’s Accounting Manual for
additional information about employees vs. independent contractors at
http://www.finance.ohiou.edu/accounting/index.htm.
Petty Cash and Change Funds
Petty Cash is a relatively small amount of cash on hand available for minor
purchases that cannot be purchased using the PCard.
The University wants to minimize the use of Petty Cash funds. The PCard can be
used to purchase many of the expenditures for which Petty Cash Funds were
traditionally used. If you still need a Petty Cash or Change Fund follow the
University’s Petty Cash and Change Fund Policy located at
http://www.ohiou.edu/policy/41-122.html. Below are some additional internal
control practices to follow:
1. Keep funds intact and do not use them for purposes other than for which they
are authorized.
2. Do not intermingle cash funds with other receipts.
3. Do not use funds for loans, personal business, cashing checks or expense
reimbursement.
4. Ensure all Petty Cash disbursements are supported by an invoice or receipt
containing sufficient detail of the business reason for the expenditure.
5. Mark invoices or receipts (cancel them) so they cannot be reused.
6. Keep funds in a physically secure location at all times.
7. Redeposit remaining funds with the Cashier when the need for the fund ceases
for more than three months or when the University is not in session.
Purchasing Card
Purchasing cards should be handled the same way you handle cash: they should be
secured (eg, carried by the cardholder, or locked in a desk, cabinet, or safe) and the
account number should be carefully controlled.
Because you are performing your own Purchasing and Accounts Payable functions
by using the PCard, you must be aware that there may be specialized accounting
issues for which you are responsible. Most of these are covered in other sections
(Expenditures, Segregation of Duties, Reconciling Accounts, etc), in cardholder and
user trainings, and in the Purchasing section of University Policies and Procedures.
Contact the Purchasing Card Administrator or visit the PCard website at
http://www.finance.ohiou.edu/pcard/index.html for specific rules relating to PCard
use.
Reconciling the Department’s Accounts
Budget Managers receive monthly ORACLE financial reports. The reports include
revenue, expenditure, and encumbrance amounts recorded and comparisons of
actual to budgeted amounts.
Reconcile recorded amounts to supporting
documentation (eg, billing authorizations, PCard statements, time sheets, etc.) to
ensure all transactions are accurately recorded. Identify transactions not yet
recorded in the accounts to determine current funds availability.
Review Mailroom, Phone, Fax, Copier and Utilities Usage
Mailroom, phone, fax and copier charges should be reviewed for reasonableness.
Depending upon the needs and structure of the department, you might want to
maintain a log of business calls, and agree it to the monthly usage charge. On an
exception basis, Mail Services can provide original charge slips for your review.
Individuals can obtain their own CND calling card accounts for personal charges;
University resources should not be used for personal purposes. Supervisors or
Budget Managers should obtain reimbursement from employees for any such
personal use and deposit it to the unit's operating account with the Cashier.
Security Systems
Inform the Ohio University Police Department (OUPD) of any security system
installed on campus. Give keys or codes only to those employees who need them to
perform their job responsibilities, but to at least two people (one serving as backup).
Collect keys and change codes when employees leave the department or their job
duties change.
Segregation of Duties
Though more difficult to accomplish in small departments, segregation of duties is
possible in any office containing two or more people. Departments should review
revenue, payroll, expenditure, and credit card processing procedures to ensure
adequate controls are in place. These processes provide adequate segregation of
duties:
1. Revenue Processing: One person receives the revenue and creates the
payment documentation (eg, receipt, receipt log or copy of check). A second
person prepares the deposit and reconciles the deposit amounts to the bank
and general ledger accounts at least monthly. The first person receives the
validated deposit slip from the cashier and agrees it to the payment
documentation s/he prepared originally. The second person reconciles the
payment amount to the billing records (ie, what should have been collected).
2. Payroll Processing: One person prepares the timesheets and gives them
to a second person to review, approve and deliver to Payroll. The first person
prepares the monthly account reconciliation and the second person reviews it
for reasonableness. Also see Expenditures.
3. Expenditure Processing: One person approves expenditures and a second
person receives deliveries and reconciles accounts. The first person reviews
account reconciliations against supporting documentation. One person could
be given authority to approve expenditures, receive deliveries, and reconcile
accounts if a second person performs supervisory reviews of the statements
and supporting documentation.
4. Credit Card Processing: The cardholder reconciles the monthly credit card
statement to the supporting documentation. Another person reviews the
reconciled statement against supporting documentation.
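The four processes above amount to a small matrix of duties that one person must not hold together, plus one case (expenditure processing) where the guide accepts the combination if a second person performs a supervisory review. The following Python check is an added example, not part of the original guide: it encodes those pairs, takes a mapping of staff to duties, and reports every uncovered conflict. The duty labels and the department rosters are constructed for the demonstration, and the compensating-control rule is applied only when the reviewer is someone other than the person holding the conflicting duties.

```python
"""Segregation-of-duties conflict check (added example)."""
from typing import Dict, List, Set, Tuple

# Duty pairs the guide treats as incompatible for one person, by process.
# The duty names are constructed labels, not the University's own terminology.
CONFLICTS: List[Tuple[str, str]] = [
    ("receive_revenue", "prepare_deposit"),            # revenue: receiver vs. depositor
    ("receive_revenue", "reconcile_deposit"),          # revenue: receiver vs. reconciler
    ("record_billing", "receive_revenue"),             # receivables: billing vs. collection
    ("prepare_timesheets", "approve_timesheets"),      # payroll: preparer vs. approver
    ("approve_expenditures", "reconcile_accounts"),    # expenditures: approver vs. reconciler
    ("reconcile_card_statement", "review_card_reconciliation"),  # PCard: holder vs. reviewer
]

# A conflict the guide accepts if a *different* person performs the named review.
COMPENSATING: Dict[Tuple[str, str], str] = {
    ("approve_expenditures", "reconcile_accounts"): "supervisory_review",
}


def sod_findings(assignments: Dict[str, Set[str]]) -> List[str]:
    """Return one finding per person/conflict not covered by a compensating review."""
    findings: List[str] = []
    for person in sorted(assignments):
        duties = assignments[person]
        for a, b in CONFLICTS:
            if a not in duties or b not in duties:
                continue
            control = COMPENSATING.get((a, b))
            # Self-review does not count: the reviewer must be another person.
            covered = control is not None and any(
                control in other_duties
                for other, other_duties in assignments.items()
                if other != person
            )
            if covered:
                continue
            note = f" and no one else performs {control}" if control else ""
            findings.append(f"{person}: {a} and {b} must not be held by one person{note}")
    return findings


def demo() -> Dict[str, List[str]]:
    """Constructed rosters: a two-person revenue office and two expenditure set-ups."""
    two_person = {
        "receiver": {"receive_revenue", "prepare_deposit"},
        "bookkeeper": {"reconcile_deposit", "record_billing"},
    }
    expenditures_ok = {
        "manager": {"approve_expenditures", "reconcile_accounts"},
        "director": {"supervisory_review"},
    }
    expenditures_bad = {
        "manager": {"approve_expenditures", "reconcile_accounts", "supervisory_review"},
        "clerk": {"receive_deliveries"},
    }
    return {
        "two_person": sod_findings(two_person),
        "expenditures_ok": sod_findings(expenditures_ok),
        "expenditures_bad": sod_findings(expenditures_bad),
    }


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name}: {findings or 'no conflicts'}")
```

Re-run the check whenever duties are reassigned; the second expenditure roster shows the case the guide warns about, where the approver also reconciles the accounts and no other person reviews the statements.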
Software Licenses
Most purchased software programs used at the University are copyrighted and/or
patented, prohibiting the University or its employees from making copies of the
software and/or restricting use of the program to a particular machine(s). Failing to
comply with those restrictions voids our license to use the software, and subjects
the University to charges of and penalties for software piracy (theft and fraud).
Although you may have received computers already loaded with applications or you
may have received software disks or CDs from a CSC or CNS employee, it may not
be apparent what you are allowed to do with those programs.
As users and/or purchasers of software packages, departments have the
responsibility to be aware of the various agreements pertaining to each. Making
illegal copies of licensed software may result in an individual and/or the University
being held liable.
When in doubt about purchased software, assume the software is:
- not to be copied except for making a back-up
- designated for use with only one PC/laptop at a time and not to be
used by multiple users on a local area network
- not normally maintained and updated by the vendor unless the
department paid an annual maintenance/support fee or paid for an
updated version
You will also want to follow these control guidelines:
1. Place the manufacturer’s copyright notice on all copies of the software.
2. Maintain an updated inventory of all software used in the department,
indicating the machine(s) on which it is loaded, the number of copies
purchased and licenses obtained, the location of original and back-up disks or
CDs (at least one should be off-site), and maintenance agreement details.
3. Do not allow employees to load personal software on University computers
unless they can prove they have a license to do so. Maintain that
documentation in the department’s files as evidence of legal use.
4. Prohibit the downloading of all software from the internet.
Taxes
Although the University is commonly considered exempt from tax, there are many
activities and situations that generate some form of tax liability. One of the most
common is UBIT – Unrelated Business Income Tax. It is generally assessed on
revenues generated from activities that are unrelated to the educational mission of
the University.
Examples include: certain workshop income, facilities and recreational fees charged
to the community, advertising income, room and board or food sales to the general
public, and many others.
Contact the Controller or Legal Affairs for a determination of UBIT tax implications
for revenue generating activities in your area.
Another common tax liability is Sales Tax. Sales that qualify as UBIT will normally
also be subject to Sales Tax, unless the end user of the good or service being sold is
itself exempt from Sales Tax. Ohio University is exempt from paying Sales Tax on
purchases of goods and services, with certain stipulations.
Travel
There are a variety of rules regarding travel expense reimbursements, and they are
discussed in detail in the University’s travel policy and on Finance’s travel website.
The website is located at http://www.finance.ohiou.edu/travel/index.html. It is
important to remember that the IRS can recharacterize travel expense
reimbursements as compensation (subject to income taxation), if their rules are not
strictly followed.
Vendor Relations
Below are some reminders from Procurement Services to help you handle relations with
vendors.
GIFTS FROM VENDORS: It is state law. Don’t accept or solicit gifts from University
vendors! It sounds simple, but following this directive can be difficult for the
uninitiated. Some Q&A:
Q: IS IT OK THAT A SALES REP GAVE ME A PLASTIC BALLPOINT LOGO PEN?
A: A good practice for dealing with gifts of minimal value ($25 or less), that are given
infrequently, is to put the pen or calendar (e.g.) in a public area rather than use it
personally. Gifts of any significant value should not be accepted, nor should a pattern
of gift-giving develop.
Here are some guidelines to use:
--When in doubt, say no. Feel free to call Procurement (Mary Patacca, 3-1965,
patacca@ohio.edu, or Ralph Six, 3-1970, six@ohio.edu) if you are uncertain how to
proceed.
--Return gifts of value if they are sent to you. Let the vendor know that University
employees cannot accept such gifts from University vendors.
Q: SHOULD I LET A SALES REP PAY FOR MY LUNCH AND/OR TAKE ME OUT TO AN
ENTERTAINMENT EVENT?
A: No. Do not accept personal invitations. Pay your own way on business lunches and
the like.
Q: IS IT OK TO TAKE A DISCOUNT BEING OFFERED, TO OU EMPLOYEES, ON MY
PERSONAL PURCHASE?
A: If the discount is being offered to all OU employees, it can be accepted. NEVER
accept a discount or gift being offered to you, particularly and personally, by a vendor
hoping to influence your job-related decisions. NEVER accept, expect, or solicit special
treatment or gifts from a vendor because you are in a position to help direct University
business their way.
Those are the basics. Anyone who is in a position that requires them to select vendors
– be it for everyday buying with their p-card, or for high dollar vendor awards as
members of a selection committee – should read all the details, at the following Ohio
Ethics Commission websites:
Ohio Ethics Law:
http://ethics.ohio.gov/ethicslawrevisedcode.html
Ohio Ethics Commission Guidelines: “Ethics is Everybody’s Business”
http://ethics.ohio.gov/publicinfoeieb.pdf
Written Procedures
The most basic of all internal controls is to establish written documentation of your
operating policies and procedures so that employees can apply them consistently
and accurately. Written guidelines serve as training tools and reference manuals.
They also provide employees with an authoritative source on which to make
decisions as they perform their duties.